Welcome to the Merchant Advisory Group CyberRisk Hub!


You must be a registered user to access the CyberRisk Hub.

  • If you are already registered, enter your Username and Password in the Member Login box in the upper right corner of this screen.
  • If this is your first time here, please complete the New User Registration form below.

Note: You must have a valid Access Code in order to complete your registration. You should have received an Access Code with your policy. If you do not have an Access Code, please contact info@merchantadvisorygroup.org. If you have an Access Code, but are experiencing difficulties registering or logging in, please contact registrar@eriskhub.com.

New User Registration

DISCLAIMER: This site is operated by NetDiligence® to benefit members of the Merchant Advisory Group (“MAG”). Links found within this site may open a new browser window and take you outside the CyberRisk Hub to another website, the contents of which are maintained by third parties over whom NetDiligence has no control. NetDiligence provides links to these external sites for your convenience and awareness. If you leave the CyberRisk Hub to go to another website, you will be governed by the privacy policy and information sharing policies of such other site(s). NetDiligence accepts no responsibility for the content of linked sites. Upon request of the content source, we will remove links.

The MAG CyberRisk Hub that MAG engaged NetDiligence® to provide for you, lists specific third-party technical and legal resources that may assist you in recovering from an incident. Please note that MAG has listed these highly specialized vendors solely as a convenience to you and to help you expedite your recovery. Be aware that MAG does not endorse the vendors’ respective services. MAG is not affiliated with these third-party vendors nor are we receiving compensation or other benefit for listing them in this portal. Before you engage any of these companies, MAG urges you to conduct your own due diligence to ensure the companies and their services meet your needs. Unless otherwise indicated or approved, the cost of services from these companies is your responsibility. Should you choose to engage a vendor or service, you are doing so at your own risk and MAG has no liability to you regardless of the outcome of your engagement of any vendor The CyberRiskHub also contains certain tools, descriptions, checklists, guidance, and aggregated information. MAG provides these resources solely as a convenience to you, and does not endorse these resources or warrant the accuracy of information provided or contained in these resources. The MAG is not providing any legal advice to you and in the event of a data breach or other security incident, you are urged to engage with your own professionals, legal and otherwise.

Junto Plus

Business Email Compromises in Office 365

A Q&A with Chris Salsberry of The Crypsis Group

One of the most prominent cyber threats affecting companies right now is business email compromise (BEC). These attacks typically begin with phishing emails that capture log-in credentials. The widely used cloud-based Microsoft Office 365 has proven especially vulnerable, with millions of dollars lost in fraudulent wire transfers over the past couple of years. We talked to The Crypsis Group’s senior director Chris Salsberry about this attack vector and how companies can avoid being compromised.

12/21/18 | Junto Plus